Successfully reported this slideshow.

OpenID Foundation Retail Advisory Committee Webinar

20,220 views

Published on

Presentation on the use of third party authentication from AOL, Google, Facebook, MySpace, Microsoft, and Yahoo to increase registration rates, improve login success rates, build richer user profiles, project a website's brand via activity streams, and enable federated single signon (SSO) across partner websites.

Published in: Technology
  • Great article. Thanks for sharing .
    http://www.halloweencostumesbest.com/
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • thanks for sharing. Ornela from http://www.best-webhost-review.com
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Based on the slide it seems that the OpenID community is quite large. they are all over the net.
    I wish them great success.
    http://www.littlegiraffeblanky.com
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Open ID
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Excellent slideshow. I've taken a number of the framework graphics and adapted to my startup
    Sharika
    http://financeadded.com http://traveltreble.com
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

OpenID Foundation Retail Advisory Committee Webinar

  1. Retail Advisory Committee April 9th, 2009
  2. Agenda  Welcome and Orientation  Introductions, goals for the session, OpenID overview  Business case for OpenID  Leveraging user profile data  Best practices for Online Retailers  Input from Online Retailers – needs and expectations  Wrap-up
  3. Introductions Please share your role and interests for today  Amazon Praveen Alavilli  AOL George Fletcher or Edwin Aoki  DSW Rafeeq Rehman  Google* Eric Sachs  Icon Fitness Bob Cook  JanRain* Brian Kissel  LiveNation Harvey Dennis  NetMesh* Johannes Ernst  Nomura Research* Tatsuki Sakushima  OpenTable Scott Jampol  OpenID Foundation* Don Thibeau  PayPal* Andrew Nash  Six Apart * David Recordon  Symantec Ashish Jain  Yahoo * Allen Tom, Raj Mata
  4. Survey Results: Topics Best Practices for Online Retailers Input from Online Retailers Leveraging User Profile Data Business Case for OpenID PCI Compliance, Trust, Security, Privacy, etc. Driving Adoption and Usage Coming Enhancements Best Practices for OpenID Providers OpenID Success Stories Overview of 3rd Party Authentication Federated SSO Across Multiple websites Leveraging Activity Stream to Project Brand Updates from Major OpenID providers The Role of the OpenID Foundation 0.0 0.5 1.0 1.5 2.0 2.5 3.0
  5. Goals for the Day Participants OpenID Foundation • Cover the topics per • Input and feedback on how Online the survey Retailers are thinking about OpenID • Capture any • Suggestions on how the OpenID additional goals Foundation and the member companies can better meet the needs of Online • Lay foundation for an Retailers ongoing Advisory Committee • Develop plan and tools for Online Retailers to implement best practices • Consider forming a and accelerate adoption and usage of “Core Group” of OpenID Online Retail OPs and RPs • Facilitate formation and collaboration of “Core Group” of Content Provider OPs and RPs
  6. Guidance for the Session • We have a lot to cover in 90 minutes • This is just our kickoff session, more will follow if appropriate • Put everything on the table • Dissonance can produce good results • Let’s keep focused on business objectives vs. technical details • We can follow up later on technical details • No ‘rat holes’ – after its said and understood, let’s move on… • We can’t resolve everything here today • Summaries will cover • Questions, observations, and needs • Recommendations • Suggested next steps
  7. OpenID Foundation  Mission  A membership organization for individuals and organizations that facilitates the development of OpenID technologies, ensures the technology is open, and promotes the technology.  BOD Members  Facebook, Google, IBM, Microsoft, PayPal, Verisign, Yahoo  8 additional “community” members  20+ corporate members  Working relationships with related organizations  OAuth, Open Web, Portable Contacts, Concordia, Liberty, InfoCard, XRI, OASIS, OSIS, etc.
  8. Market Evolution  Key market developments driving adoption:  > 1 Billion Enabled Accounts  Technology Advances  Deployability Improvements  Usability Improvements  Social networks
  9. Enabled Accounts (millions) 1440 790 160 20 2006 2007 2008 2009 AOL Yahoo MySpace Live Journal Orange Blogger Windows Live ID myOpenID Facebook Verisign Mixi Telecom Italia Google
  10. 40,000+ Websites Accepting 3rd Party Login iPhoto
  11. Technology Advances 2005 2006 2007 2008 2009 OpenID 1.0 Protocol OpenID 2.0 (May 2005) (Dec 2007) Contract Exchange Attribute (Feb 2009) PAPE 1.0 SREG 1.0 Extension Exchange 1.0 (Dec 2008) (Mar 2006) XRD Discovery (Dec 2007) (Mar 2009) UX Extension (Mar 2009) MSFT Cardspace SXIP joined OpenID Integrations integrate s with OpenID ( Jun 2006) ( Feb 2007) Phone-based , 2 –factor auth Portable Contacts Oauth Draft Oauth 1.0 Related (Jul 2007) (Dec 2007) Activity Streams (FB, MS, Yahoo)
  12. Deployability 2005 2006 2007 2008 2009 Open source libraries and plug-ins SaaS Abstractions Wordpress Ruby Ruby On Rails Google Friend MySpace Connect Connect Beta Python Drupal MediaWiki Facebook RPX Pearl phpNuke Connect Wordpress Joomla plug-in C# JanRain Cold Fusion Django RPX Java Squeak MSFT .NET 2.0 Smalltalk C, C++ Haskell
  13. Usability 2008 2009 2007 • OpenID User must understand and remember URL • Each OpenID Provider has different URL syntax • This worked “OK” on tech-focused blogs, wikis, discussion groups, etc. • Yahoo buttons, Google Friend but not well with broader Connect, Facebook Connect, ID audiences and applications Selector • Second UX Summit at Facebook • Content Provider Advisory • OP and RP best practices Committee meeting in NYC • First UX Summit at Yahoo • MySpace Connect • Major OPs improving workflow • Graphical interface of major Identity Providers, including proprietary solutions from Facebook, MySpace, & Microsoft • User only needs to click on icon for preferred identity account
  14. Increasing Value of Social Networks Social networks driving the value of registered users and activity stream benefits to website operators  Community users (CU) remain customers 50% longer than non-community users, AT&T  CU spend 54% more than non-community users, EBay  CU visit 9X more often and have 4X as many page views than non-community users, McKinsey  56% of online community members log in once a day or more, Annenberg  In customer support, live interaction costs 87% more per transaction than forums and other web self-service options, Association of Support Professionals  43% of support community visits are in lieu of opening up a support case, Cisco  Customers report good experiences in online communities more than twice as often as they do via calls or mail, Jupiter
  15. Accepting Customers with Existing Accounts Sulit UserVoice Interscope Records Track Street This Racers
  16. Agenda  Welcome and Orientation  Introductions, goals for the day, OpenID overview  Business case for OpenID  Leveraging user profile data  Best practices for Online Retailers  Input from Online Retailers – needs and expectations  Wrap-up
  17. Online Retailer Benefits  Higher registration rates  PropertyMaps.com registrations increased 200% and now 25% of registrations are via OpenID  Single click login  No user name/password to forget. Increase customer satisfaction & reduce forgotten password costs  Keeping customer data current  When users change data in their OpenID profile, data can be pushed to websites where the OpenID has been used  Importing friends and contact info  From the identity provider to the recipient website  Bi-directional activity stream data  Data flows between the identity provider and recipient website. This allows the website to project its brand and customer activities to Facebook, MySpace, Yahoo, etc  Federated login across internal and partner sites  Japan Airlines (JAL) uses OpenID to allow customers to also book hotel rooms and car rentals using OpenID to transfer customer profile, flight, and other information
  18. Sample Data  Google/Plaxo: Eric Sachs to discuss  Sulit: 15% of logins are via OpenID, up from 10% a couple of months ago  37 Signals: 15% of logins are via OpenID  Mixx: UI improvement resulted in ten-fold increase in registrations via OpenID and third-party services. 20% increase in registrations from direct and referrer traffic.  AFI (Rock band, event promotion): We were blown away with the fan response. In two weeks we received 850 submissions, had 12,500+ fans register on the website, 10,000+ comments, and over 100,000 votes to select our winners.  GetSatisfaction: On deployments for their customers -Twitter and Songbird are experiencing OpenID utilization of 20% or more  Sourceforge.net: OpenID login has grown to about 10% of our total logins  Stackoverflow: Third party registrations have grown from 10K to 50K users in a couple of months
  19. Retailer Examples  Sulit  Philippine eBay-like commerce site  JAL  Federated ID with partners
  20. Sulit.com.ph  Grown from 10% of new registrations in January to 15% for Q1  Forgotten password inquiries down 50% 20
  21. JAL – Hotel SSO Federated ID And Commerce Exchange (CX) Tatsuki Sakushima - NRI
  22. Overview  JAL partners with several hotel reservation sites and refers customers.  Provides aggregated hotel search front-end. After selection, user transferred to hotel reservation system via OpenID, also sending verified personal information including credit card number with user’s consent.  Since transactions range from $100 to >$1,000, both sides needed non-repudiation, integrity, and confidentiality.  JAL used the Trusted Data Exchange (TX ) extension proposed in December 2007 at IIW.  System went LIVE on May 28, 2008 22
  23. Search Results Click “Reservation Details” 23
  24. Hotel Selection Confirmation Click Confirm 24
  25. User Login 1. Press Login “You can login with your JMB Membership Number” Although there is no mention of OpenID here, this actually is an OP Identifier based OpenID Login. 25
  26. Attribute Transfer Contract Explanation 1. Select attributes Data Usage Policy to send Data to be provided Name Address Tel email 3. Press “Agree & Proceed” Credit Card Number Expiration date for this contract For non-repudiation, This Transaction Only mutually e-signed contract is created for Until June 16, 2009 the transaction* 2. Select expiration date for contract *Based on http://wiki.openid.net/Trusted_Data_Exchange 26
  27. Name Confirmation 1. Press Next Now logged in to the Hotel Site. Double checks that you are booking for yourself. Change name to book for someone else. 27
  28. Payment Method Confirmation Credit Card Wire Transfer CVS Payment 28
  29. Credit Card Confirmation Masked for security When user selects “Credit Card”, the CC info is prefilled with data transferred from JAL to the Hotel site using TX extension. 29
  30. Managing the Contracts View Detail Stop Data Provision (contract termination) date Actual A Contract Data 30
  31. Trusted data eXchange (TX) sequence 31
  32. Business Benefits for JAL  Lower cost  Faster deployment  More flexibility  Easier federation with partners  Registration rates on partner sites increased 100% 32
  33. State of TX/CX proposal  Preliminary feedback from the community  Current implementation uses XML signature making it difficult to program in many scripting languages, consider tagged value pairs  XML processing seems to be unpopular among the community  OP and the Data Provider do not have to coincide  Data channel can be pluggable  TX non-repudiation/confidentiality/integrity properties and ability to send data in the back channel asynchronously has earned some interest among mobile operators and financial institutions.  Incorporating feedback, have created the CX proposal for the OpenID Foundation, forming Working Group  OIDF would welcome your participation with the CX Working Group 33
  34. Economic Impact Increase registration conversion rates • With over 1 billion enabled-users, by seamlessly accepting third party authentication, a site can significantly increase its registrations, CPM rates, cross sell, personalization, etc. Reduce costs • Reduce the cost associated with password management. Today 30-50% of website customer care calls are related to account/passwords and cost $25 per call to resolve Enhanced customer data and profiles • Discover where your customers are coming from, receive key customer data upon registration & subsequent login, build enhanced customer profiles Build closer partner network • Registered users can seamlessly transition between partner sites and shared services
  35. Agenda  Welcome and Orientation  Introductions, goals for the day, OpenID overview  Business case for OpenID  Leveraging user profile data  Best practices for Online Retailers  Input from Online Retailers – needs and expectations  Wrap-up
  36. Rich User Data Build rich user profiles more quickly & easily with data provided by the identity providers with customer approval  AOL: country, postal-code, birthday, email, gender, preferred-username, url  Google: verified email, testing name, language, country  Facebook: about me, activities, affiliations, birthday, books, current location, education history, first name, friend id, hometown location, hs info, interest, last name, locale, meeting for, meeting sex, movies, music, name, notes count, political, profile url, proxied email, quotes, relationship status, religion, sex, significant other id, status, time zone, tv, wall count, work history  Microsoft LiveID: email, first and last name, birthday, display name, anniversary, phone numbers, profile photo, urls, addresses  MySpace: about me, age, body type, books, children, current location, date of birth, drinker, emails, ethnicity, friends, gender, has app, heroes, interests, jobs, looking for, movies, name, family name, network presence, nickname, profile song, profile url, religion, sexual orientation, status, tv shows, urls, photos  Yahoo: email, nickname, full name, gender, language, postal-code
  37. Data Considerations Data Sources • SREG, Attribute Exchange, OAuth, Portable Contacts, Activity Streams, etc. • Consider federation with key partners Integration with existing systems • Enrollment/registration • LDAP • SAML Industry specific data • Leveraging OpenID for industry specific needs • Work with OpenID Providers Maintaining accuracy of data • Single use, pull at login, don’t store • Store and update on login Security and Trust • Verification of data • Privacy considerations
  38. Agenda  Welcome and Orientation  Introductions, goals for the day, OpenID overview  Business case for OpenID  Leveraging user profile data  Best practices for Online Retailers  Input from Online Retailers – needs and expectations  Wrap-up
  39. Website Operator Best Practices User Experience • Abstract URL entry via icons, selectors, or directed identity • Minimal clicks, store preferences for return visits • Easy linking to existing accounts • Pre-populate registration forms Data Support • Offer to import all applicable data: SREG, Attribute Exchange, OAuth, Portable Contacts, Life Stream, etc. Security • Require adequate security from OPs, balance security with convenience • Direct users to appropriate OPs for new accounts Features • Allow linking multiple OpenIDs to an account • Accept data updates from users or OPs Regulatory Framework • Privacy and regulatory compliance
  40. OP Considerations & RP Expectations User Data Support Security Features Experience • User Education • SREG • PAPE Support • Preferences and settings • Seamless and • Attribute • End user intuitive for Exchange notification • Directed users services Identity • OAuth • Minimal clicks • Duration of • Data authentication • Store Availability preferences • SSL transport • Portable • Authentication Contacts options
  41. Driving Adoption and Usage Consistent, widespread RP and OP adherence to best practices Education of and promotion to end users by OIDF, OPs, RPs Appropriate balance of security and convenience Leveraging data where possible Value-added benefits such as federated SSO, activity streams, etc.
  42. Agenda  Welcome and Orientation  Introductions, goals for the day, OpenID overview  Business case for OpenID  Leveraging user profile data  Best practices for Online Retailers  Input from Online Retailers – needs and expectations  Wrap-up
  43. Input from Online Retailers  Value Proposition  Functionality  Technology  User Experience  Data Management  Deployment  Regulatory Compliance  Other?
  44. Wrap-up  Key Feedback  Business case for OpenID  Leveraging user profile data  Best practices for Online Retailers  Input from Online Retailers – needs and expectations  Next Steps  RSA Conference  Internet Identity Workshop  Wiki, Listserv, Yahoo/Google Group, etc. Thank You!

×